Tenda G103 命令注入漏洞

The Tenda G103 is a GPON fiber access device designed specifically for home and SOHO users by the Chinese company Tenda. Version 1.0.0.5 of the Tenda G103 contains a command injection vulnerability. This vulnerability stems from an improper operation of the parameter “lanIp” in the function...

CVE-2026-5101

A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

CVE-2026-5101 Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection

A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router produced by TOTOLINK Corporation. The TOTOLINK A3300R version 17.0.0cu.557b20221024 contains a command injection vulnerability. This vulnerability arises from improper handling of the parameter “lanIp” in the file /cgi-bin/cstecgi.cgi, which may lead to comman...

CVE-2025-12210

A vulnerability was identified in Tenda O3 1.0.0.102478. Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is...

CVE-2025-12210

A vulnerability was identified in Tenda O3 1.0.0.102478. Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is...

Tenda AC7 Command Injection Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A command injection vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the failure to properly filter the parameter lanIp in the file /goform/AdvSetLanip to construct command special characters, commands, etc...

CVE-2025-11523

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

CVE-2025-11523

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

EUVD-2025-33259

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

CVE-2025-11523

The CVE-2025-11523 entry concerns Tenda AC7 15.03.06.44. The affected component is the AdvSetLanip handler, with the vulnerability arising from improper filtering/handling of the lanIp parameter in /goform/AdvSetLanip, enabling remote command injection. Public exploits exist and can be used to ac...

PT-2025-41325

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A command injection issue exists in Tenda AC7 version 15.03.06.44. The issue is located in the file /goform/AdvSetLanip. Manipulation of the lanIp argument can lead to command injection. This can be...

EUVD-2022-33663

Malicious code in bioql PyPI...

EUVD-2023-31018

Malicious code in bioql PyPI...

EUVD-2022-33352

Malicious code in bioql PyPI...

CVE-2025-11121

A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and m...

Tenda AC18 Command Injection Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a command injection vulnerability that originates from the mishandling of the lanIp parameter by an unknown function in the...

CVE-2025-11121

A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and m...

Tenda AC18 命令注入漏洞

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a command injection vulnerability that originates from the mishandling of the lanIp parameter by an unknown function in the...

CVE-2023-51017

TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi...